documentation:examples:pf_and_carp_lab

documentation:examples:pf_and_carp_lab [2017/07/07 00:52] – external edit 127.0.0.1documentation:examples:pf_and_carp_lab [2021/11/25 14:04] (current) – [pf synchronisation] olivier
Line 15: Line 15:
 BSD Router Project (http://bsdrp.net) - bhyve full-meshed lab script BSD Router Project (http://bsdrp.net) - bhyve full-meshed lab script
 Setting-up a virtual lab with 4 VM(s): Setting-up a virtual lab with 4 VM(s):
-- Working directory: /tmp/BSDRP +- Working directory: /root/BSDRP-VMs 
-- Each VM have core(s) and 256M RAM+- Each VM has a total of 1 (1 cores and 1 threads) and 512M RAM 
 +- Emulated NIC: virtio-net 
 +- Switch mode: bridge + tap
 - 2 LAN(s) between all VM - 2 LAN(s) between all VM
 - Full mesh Ethernet links between each VM - Full mesh Ethernet links between each VM
-VM 1 have the following NIC: +VM 1 has the following NIC: 
-- vtnet0 connected to VM 2. +- vtnet0 connected to VM 2 
-- vtnet1 connected to VM 3. +- vtnet1 connected to VM 3 
-- vtnet2 connected to VM 4.+- vtnet2 connected to VM 4
 - vtnet3 connected to LAN number 1 - vtnet3 connected to LAN number 1
 - vtnet4 connected to LAN number 2 - vtnet4 connected to LAN number 2
-VM 2 have the following NIC: +VM 2 has the following NIC: 
-- vtnet0 connected to VM 1. +- vtnet0 connected to VM 1 
-- vtnet1 connected to VM 3. +- vtnet1 connected to VM 3 
-- vtnet2 connected to VM 4.+- vtnet2 connected to VM 4
 - vtnet3 connected to LAN number 1 - vtnet3 connected to LAN number 1
 - vtnet4 connected to LAN number 2 - vtnet4 connected to LAN number 2
-VM 3 have the following NIC: +VM 3 has the following NIC: 
-- vtnet0 connected to VM 1. +- vtnet0 connected to VM 1 
-- vtnet1 connected to VM 2. +- vtnet1 connected to VM 2 
-- vtnet2 connected to VM 4.+- vtnet2 connected to VM 4
 - vtnet3 connected to LAN number 1 - vtnet3 connected to LAN number 1
 - vtnet4 connected to LAN number 2 - vtnet4 connected to LAN number 2
-VM 4 have the following NIC: +VM 4 has the following NIC: 
-- vtnet0 connected to VM 1. +- vtnet0 connected to VM 1 
-- vtnet1 connected to VM 2. +- vtnet1 connected to VM 2 
-- vtnet2 connected to VM 3.+- vtnet2 connected to VM 3
 - vtnet3 connected to LAN number 1 - vtnet3 connected to LAN number 1
 - vtnet4 connected to LAN number 2 - vtnet4 connected to LAN number 2
-For connecting to VM'serial console, you can use: +To connect VM'serial console, you can use: 
-- VM 1 : cu -l /dev/nmdm1B +- VM 1 : cu -l /dev/nmdm-BSDRP.1B 
-- VM 2 : cu -l /dev/nmdm2B +- VM 2 : cu -l /dev/nmdm-BSDRP.2B 
-- VM 3 : cu -l /dev/nmdm3B +- VM 3 : cu -l /dev/nmdm-BSDRP.3B 
-- VM 4 : cu -l /dev/nmdm4B+- VM 4 : cu -l /dev/nmdm-BSDRP.4B
 </code> </code>
  
Line 85: Line 87:
 sysrc pflog_enable=YES sysrc pflog_enable=YES
 sysrc pfsync_syncdev=vtnet1 sysrc pfsync_syncdev=vtnet1
-mount -uw / +sysrc kld_list="carp"
-echo "carp_load="YES">> /boot/loader.conf.local +
-mount -ur /+
 echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf
  
Line 131: Line 131:
 sysrc ifconfig_vtnet4="inet 2.2.2.3/24" sysrc ifconfig_vtnet4="inet 2.2.2.3/24"
 sysrc ifconfig_vtnet4_ipv6="inet6 2001:db8:2:2:2::3 prefixlen 64" sysrc ifconfig_vtnet4_ipv6="inet6 2001:db8:2:2:2::3 prefixlen 64"
-sysrc ifconfig_vtnet4_alias0="inet 10.0.0.254/32 vhid 3 advskew 200 pass testpass42"+sysrc ifconfig_vtnet4_alias0="inet 2.2.2.254/32 vhid 3 advskew 200 pass testpass42"
 sysrc ifconfig_vtnet4_alias1="inet6 2001:db8:2:2:2::fe prefixlen 128 vhid 4 advskew 200 pass testpass62" sysrc ifconfig_vtnet4_alias1="inet6 2001:db8:2:2:2::fe prefixlen 128 vhid 4 advskew 200 pass testpass62"
 sysrc pf_enable=YES sysrc pf_enable=YES
Line 137: Line 137:
 sysrc pflog_enable=YES sysrc pflog_enable=YES
 sysrc pfsync_syncdev=vtnet1 sysrc pfsync_syncdev=vtnet1
-mount -uw / +sysrc kld_list="carp"
-echo "carp_load="YES">> /boot/loader.conf.local +
-mount -ur /+
 echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf echo "net.inet.carp.preempt=1" >> /etc/sysctl.conf
  
Line 198: Line 196:
 <code> <code>
 [root@VM2]~# ifconfig vtnet3 [root@VM2]~# ifconfig vtnet3
-vtnet3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500+vtnet3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:02:00:02         ether 58:9c:fc:02:00:02
Line 204: Line 202:
         inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1         inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1
         inet6 fe80::5a9c:fcff:fe02:2%vtnet3 prefixlen 64 scopeid 0x4         inet6 fe80::5a9c:fcff:fe02:2%vtnet3 prefixlen 64 scopeid 0x4
-        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +        inet6 2001:db8:10::2 prefixlen 64 
-        mediaEthernet 10Gbase-T <full-duplex> +        inet6 2001:db8:10::fe prefixlen 128 vhid 2
-        statusactive+
         carp: MASTER vhid 1 advbase 1 advskew 100         carp: MASTER vhid 1 advbase 1 advskew 100
 +        carp: MASTER vhid 2 advbase 1 advskew 100
 +        media: Ethernet autoselect (10Gbase-T <full-duplex>)
 +        status: active
 +        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
 [root@VM2]~# ifconfig vtnet4 [root@VM2]~# ifconfig vtnet4
-vtnet4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500+vtnet4: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:02:00:02         ether 58:9c:fc:02:00:02
-        inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255 +        inet 2.2.2.2 netmask 0xffffff00 broadcast 2.2.2.255 
-        inet 10.0.0.254 netmask 0xffffffff broadcast 10.0.0.254 vhid 2+        inet 2.2.2.254 netmask 0xffffffff broadcast 2.2.2.254 vhid 3
         inet6 fe80::5a9c:fcff:fe02:2%vtnet4 prefixlen 64 scopeid 0x5         inet6 fe80::5a9c:fcff:fe02:2%vtnet4 prefixlen 64 scopeid 0x5
 +        inet6 2001:db8:2:2:2::2 prefixlen 64
 +        inet6 2001:db8:2:2:2::fe prefixlen 128 vhid 4
 +        carp: MASTER vhid 3 advbase 1 advskew 100
 +        carp: MASTER vhid 4 advbase 1 advskew 100
 +        media: Ethernet autoselect (10Gbase-T <full-duplex>)
 +        status: active
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
-        media: Ethernet 10Gbase-T <full-duplex> 
-        status: active 
-        carp: MASTER vhid 2 advbase 1 advskew 100 
 </code> </code>
  
Line 225: Line 229:
 <code> <code>
 [root@VM3]~# ifconfig vtnet3 [root@VM3]~# ifconfig vtnet3
-vtnet3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500+vtnet3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:03:00:03         ether 58:9c:fc:03:00:03
Line 231: Line 235:
         inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1         inet 192.168.10.254 netmask 0xffffffff broadcast 192.168.10.254 vhid 1
         inet6 fe80::5a9c:fcff:fe03:3%vtnet3 prefixlen 64 scopeid 0x4         inet6 fe80::5a9c:fcff:fe03:3%vtnet3 prefixlen 64 scopeid 0x4
 +        inet6 2001:db8:10::3 prefixlen 64
 +        inet6 2001:db8:10::fe prefixlen 128 vhid 2
 +        carp: BACKUP vhid 1 advbase 1 advskew 200
 +        carp: BACKUP vhid 2 advbase 1 advskew 200
 +        media: Ethernet autoselect (10Gbase-T <full-duplex>)
 +        status: active
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
-        media: Ethernet 10Gbase-T <full-duplex> 
-        status: active 
-        carp: BACKUP vhid 1 advbase 1 advskew 200 
 [root@VM3]~# ifconfig vtnet4 [root@VM3]~# ifconfig vtnet4
-vtnet4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500+vtnet4: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 58:9c:fc:03:00:03         ether 58:9c:fc:03:00:03
-        inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255 +        inet 2.2.2.3 netmask 0xffffff00 broadcast 2.2.2.255 
-        inet 10.0.0.254 netmask 0xffffffff broadcast 10.0.0.254 vhid 2+        inet 2.2.2.254 netmask 0xffffffff broadcast 2.2.2.254 vhid 3
         inet6 fe80::5a9c:fcff:fe03:3%vtnet4 prefixlen 64 scopeid 0x5         inet6 fe80::5a9c:fcff:fe03:3%vtnet4 prefixlen 64 scopeid 0x5
 +        inet6 2001:db8:2:2:2::3 prefixlen 64
 +        inet6 2001:db8:2:2:2::fe prefixlen 128 vhid 4
 +        carp: BACKUP vhid 3 advbase 1 advskew 200
 +        carp: BACKUP vhid 4 advbase 1 advskew 200
 +        media: Ethernet autoselect (10Gbase-T <full-duplex>)
 +        status: active
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
-        media: Ethernet 10Gbase-T <full-duplex> 
-        status: active 
-        carp: BACKUP vhid 2 advbase 1 advskew 200 
 </code> </code>
 ==== pf state ==== ==== pf state ====
Line 271: Line 281:
  
 Open a tmux session on R1 and generate 2 flows: Open a tmux session on R1 and generate 2 flows:
-  -  A continous ping: ping 10.0.0.4 +  -  A continous ping: ping 2.2.2.4 
-  -  A echo session: telnet 10.0.0.4 7+  -  A echo session: telnet 2.2.2.4 7
  
 ==== pf synchronisation ==== ==== pf synchronisation ====
Line 279: Line 289:
  
 <code> <code>
-[root@VM3]~# pfctl -ss +[root@VM2]~# pfctl -ss 
-all icmp 10.0.0.4:267 <- 192.168.10.1:267       0:+all carp fe80::5a9c:fcff:fe02:2 -> ff02::12       SINGLE:NO_TRAFFIC 
-all icmp 192.168.10.1:267 -> 10.0.0.4:267       0:0 +all carp 2.2.2.2 -> 224.0.0.18       SINGLE:NO_TRAFFIC 
-all tcp 10.0.0.4:<- 192.168.10.1:31058       ESTABLISHED:ESTABLISHED +all carp 192.168.10.2 -> 224.0.0.18       SINGLE:NO_TRAFFIC 
-all tcp 192.168.10.1:31058 -> 10.0.0.4:      ESTABLISHED:ESTABLISHED +all pfsync 192.168.23.-> 224.0.0.240       SINGLE:NO_TRAFFIC 
-all carp 224.0.0.18 <- 192.168.10.      NO_TRAFFIC:SINGLE +all icmp 2.2.2.4:13399 <- 192.168.10.1:13399       0:0 
-all carp 224.0.0.18 <- 10.0.0.2       NO_TRAFFIC:SINGLE +all icmp 192.168.10.1:13399 -> 2.2.2.4:13399       0:0 
-all pfsync 224.0.0.240 <192.168.23.      NO_TRAFFIC:SINGLE+all tcp 2.2.2.4:7 <- 192.168.10.1:11636       ESTABLISHED:ESTABLISHED 
 +all tcp 192.168.10.1:11636 -> 2.2.2.4:7       ESTABLISHED:ESTABLISHED
 </code> </code>
  
Line 293: Line 304:
 <code> <code>
 [root@VM3]~# pfctl -ss [root@VM3]~# pfctl -ss
-all icmp 10.0.0.4:39946 <- 192.168.10.1:39946       0:0 
-all icmp 192.168.10.1:39946 -> 10.0.0.4:39946       0:0 
-all tcp 10.0.0.4:22 <- 192.168.10.1:46911       ESTABLISHED:ESTABLISHED 
-all tcp 192.168.10.1:46911 -> 10.0.0.4:22       ESTABLISHED:ESTABLISHED 
-all carp 224.0.0.18 <- 10.0.0.2       NO_TRAFFIC:SINGLE 
 all carp 224.0.0.18 <- 192.168.10.2       NO_TRAFFIC:SINGLE all carp 224.0.0.18 <- 192.168.10.2       NO_TRAFFIC:SINGLE
 +all carp 224.0.0.18 <- 2.2.2.2       NO_TRAFFIC:SINGLE
 +all carp ff02::12 <- fe80::5a9c:fcff:fe02:      NO_TRAFFIC:SINGLE
 +all pfsync 192.168.23.3 -> 224.0.0.240       SINGLE:NO_TRAFFIC
 all pfsync 224.0.0.240 <- 192.168.23.2       NO_TRAFFIC:SINGLE all pfsync 224.0.0.240 <- 192.168.23.2       NO_TRAFFIC:SINGLE
 +all icmp 2.2.2.4:13399 <- 192.168.10.1:13399       0:0
 +all icmp 192.168.10.1:13399 -> 2.2.2.4:13399       0:0
 +all tcp 2.2.2.4:7 <- 192.168.10.1:11636       ESTABLISHED:ESTABLISHED
 +all tcp 192.168.10.1:11636 -> 2.2.2.4:      ESTABLISHED:ESTABLISHED
 </code> </code>
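Review bot: `sysrc kld_list="carp"` in the Line 85 hunk (and the same line in the Line 137 hunk) assigns the whole kld_list value rather than extending it, so any module already listed there on that router is silently dropped from boot-time loading; `sysrc kld_list+="carp"` appends and leaves existing entries intact. The removed `mount -uw /` / `mount -ur /` pair shows the old edit needed the root filesystem remounted read-write, so moving to an rc.conf setting is the right direction. The neighbouring `pfsync_syncdev=vtnet1` context line deserves a sentence in the page: pfsync replicates the firewall state table without authentication or encryption, and in this topology vtnet1 is the dedicated VM2–VM3 link (see the NIC listing in the Line 15 hunk), which is what makes the setup acceptable — a comment such as `# pfsync is unauthenticated: keep it on the dedicated point-to-point link only` would record that assumption next to the setting.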
  